On Thu, 2010-12-16 at 10:29 -0800, Javier Cardona wrote:
> + ifmsh->vendor_ie_len = setup->vendor_ie_len;
> + if (setup->vendor_ie_len) {
> + new_ie = kmalloc(setup->vendor_ie_len, GFP_KERNEL);
> + if (new_ie)
> + new_ie = memcpy(new_ie, setup->vendor_ie,
> + setup->vendor_ie_len);
kmemdup?
> @@ -287,6 +287,12 @@ void mesh_mgmt_ies_add(struct sk_buff *skb, struct ieee80211_sub_if_data *sdata)
> *pos++ |= sdata->u.mesh.accepting_plinks ?
> MESHCONF_CAPAB_ACCEPT_PLINKS : 0x00;
> *pos++ = 0x00;
> +
> + if (sdata->u.mesh.vendor_ie) {
> + int len = sdata->u.mesh.vendor_ie_len;
> + const u8 *data = sdata->u.mesh.vendor_ie;
> + memcpy(skb_put(skb, len), data, len);
> + }
don't you have to account for the size of these in the skb allocation?
> + if (tb[NL80211_MESH_SETUP_VENDOR_PATH_SEL_IE]) {
> + setup->vendor_ie =
> + nla_data(tb[NL80211_MESH_SETUP_VENDOR_PATH_SEL_IE]);
> + setup->vendor_ie_len =
> + nla_len(tb[NL80211_MESH_SETUP_VENDOR_PATH_SEL_IE]);
I think you should check that these are well-formed IEs, there's a
utility function for that somewhere.
johannes
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
